I once had a conversation with Ed Skoudis regarding career choices and advice. He indicated that he often gets asked how others can have a career like his. Barring the inevitable warnings of "careful what you wish for," he graciously shared a story with me. In short, he and a number of other friends in the industry sat down for dinner to answer the same question that others now put to Ed. "Hey. I want to do what that guy does. How do we do it?" This special set of interviews will give you a brief glimpse into what will be explored at the summit itself as well as a look into how these gentlemen "Did it." Each of these three superstars will be asked the same three questions followed by additional questions specifically focused for that individual. Here we go!

First three questions to be answered by Ed, Johnny and HD (All answers below provided by Johnny Long):

1. I would love to have a career just like yours. How did you get where you are and what career advice can you give?

The best career advice I can give is to build your work around what you love. If you pursue your passions, you will be successful. Oh, and work to live. Don’t live to work.

2. Could you share with us your thoughts on balancing your special projects with your day jobs and why it’s important to you to give back to the security community?

I think the term "community" tends to confuse things. What we’re really talking about here is basic relationships between people. No successful relationship is one-sided. In an academic (security) environment, the goal is to advance the field and to learn. This is difficult in a vacuum. If you share what you know with one person, that person will likely return the favor. To flip that around, if all you do is leech, the relational ratio will eventually shut you down.

3. All three of you are very successful while remaining on the ethical side of hacking. Can you offer words of wisdom to encourage others to follow the same path?

No matter how fun it seems at the time, think twice before doing it. Keep clean because trust is difficult to reclaim.

Questions Specifically for Johnny Long:

1. What prompted the creation of johnny.ihackstuff.com but more importantly your willingness to share your techniques and the GHDB with the security community at large?

My URL was meant to be a simple, concise "business card". By handing someone my web address, they know exactly who I am and what I do. Cute, huh? The GHDB started as a list of silly things my team and I found on Google. But it was the commentary that made it fun and kept it alive. Eventually people started sending in their own findings, and it was perfectly natural for me to post them and attribute the source. I’ve never been one to pass off someone else’s effort as my own, despite what some have said. Those that work with me know that I attribute, and they back that up with their actions–they’re still there supporting me.

2. Google Hacking for Penetration Testers, Volume 2 was recently released. Can you give us a quick idea as to what is new/updated in this version?

We dug into Google services, like the API, Google Calendar, Gmail, etc. We also talk quite a bit about open source information gathering, showing how an individual can single-handedly launch a very effective infogathering campaign, with amazing results. I’ve also got to mention that every single query, screenshot and bit of text from the first volume has been updated, to make sure that everything works as expected. A lot changes in four years.

3. Your talk entitled "No Tech Hacking" was given at a number of events last year and has now been expanded into a book of the same name. You have also been on the speaking circuit for years as well as contributed to several other books. If one of our readers wanted to advance their career through speaking and writing, what would be the first step you would recommend they take?

I can give the same advice for both writing and speaking: do it a lot. Even if you don’t have anything to write or say, just do it. These are skills that get better with practice. You have to be comfortable in your own skin to excel at either of these, and they aren’t easy things to do. So if you want to be a writer, sit down every day and write. Set a schedule and word count and stick to it. When it comes time to write something real, organize your thoughts (outline!!), and be prepared for your first half hour to suck. Ignore the voices in your head telling you your writing skills suck. Focus on your intended audience (not the ivory-tower types in your industry) and create a work you would like to read. Handle editing separately. Writing is "hot" (as Stephen King would say) and rolls to a boil. Editing is cool and objective. Don’t mix them. Handle them in separate sessions. Read books about writing (Stephen King’s On Writing, Lamott’s Bird by Bird are both excellent, even if geared towards fiction) and just do it. With regards to speaking, spend time crafting your talk. Know it intimately before you share it with the world. Videotape yourself and watch it critically–over and over and over again until you don’t annoy yourself with your own preso. Then, unleash it on a peer, then a group of peers, crafting as you go along. Once you hone your craft you won’t need to do this every time… You’ll know what sucks and what doesn’t.

4. You are very well known not only for Google hacking but also for your philanthropic endeavors. For example, all of the proceeds of "No Tech Hacking" go to www.aoet.org, an organization aimed at empowering widows and orphans left in the wake of the HIV/AIDS pandemic. You also founded Hackers for Charity which is a great way for those looking to advance their careers to donate to a worthy cause and in turn get credible experience to add to a resume. Can you inform our readers on what is expected and what can be learned by getting involved in Hackers for Charity?

From a volunteer standpoint, Hackers for Charity is about sharing your gifts, whatever they may be. Our community is such an amazing place, chock full of amazing talent. A very small percentage of that talent focusses on breaking things and doing illegal stuff. Your "unimportant" gifts can change lives when applied properly. By volunteering for Hackers for Charity, you can make a difference in this world, and by working on projects, you can also advance your career. Whether or not you care about being all altruistic, I think volunteers will discover that amazing things happen when they shift their focus to the world around them.
